CVE-2020-25766

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-25766

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25766.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-25766

Published

2020-09-18T18:15:17.347Z

Modified

2026-04-10T04:25:15.287267Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.

References

Affected packages

Git / github.com/misp/misp

Affected ranges

Type

GIT

Repo

https://github.com/misp/misp

Events

Introduced

Fixed

90517f591b6f37960e78dcdf7d4c6245baf78821

Fixed

164963100a830234744a6004d5eda55d24e97b2a

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.4.132"
        }
    ]
}

Affected versions

Other

codename/tellurium

v0.*

v0.2

v2.*

v2.3.0

v2.4.0

v2.4.1

v2.4.10

v2.4.100

v2.4.101

v2.4.102

v2.4.106

v2.4.107

v2.4.109

v2.4.11

v2.4.110

v2.4.111

v2.4.118

v2.4.120

v2.4.121

v2.4.122

v2.4.123

v2.4.125

v2.4.127

v2.4.128

v2.4.13

v2.4.130

v2.4.14

v2.4.15

v2.4.16

v2.4.17

v2.4.18

v2.4.2

v2.4.20

v2.4.21

v2.4.22

v2.4.23

v2.4.24

v2.4.25

v2.4.26

v2.4.27

v2.4.3

v2.4.34

v2.4.35

v2.4.36

v2.4.37

v2.4.38

v2.4.39

v2.4.4

v2.4.43

v2.4.45

v2.4.46

v2.4.47

v2.4.48

v2.4.5

v2.4.50

v2.4.51

v2.4.52

v2.4.53

v2.4.54

v2.4.56

v2.4.57

v2.4.58

v2.4.59

v2.4.60

v2.4.61

v2.4.62

v2.4.63

v2.4.64

v2.4.65

v2.4.7

v2.4.78

v2.4.80

v2.4.82

v2.4.83

v2.4.85

v2.4.86

v2.4.87

v2.4.88

v2.4.89

v2.4.9

v2.4.91

v2.4.93

v2.4.94

v2.4.95

v2.4.96

v2.4.98

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25766.json"